<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 03/10/2015 07:20 PM, Gervase Markham
wrote:<br>
</div>
<blockquote cite="mid:54FF27EA.8080108@mozilla.org" type="cite">
That "even" is the key question. The counter argument is that if
you
still have the private key, you haven't issued a certificate to
that
organization. You've created one which has their name in...<br>
</blockquote>
<br>
Right, and we give them the right to use it for the agreed purpose
etc. <br>
<br>
But it's not used by ourselves and it's not used by company XYZ, but
by a particular company we engaged with, validated and probably
signed a contract and which uses it for the agreed purpose using
some mechanism. The root CA still issued the intermediate CA to that
company....<br>
<br>
I believe Mozilla defines this as a managed/controlled CA which
doesn't require disclosure of the CA as compared to an intermediate
CA that controls the private key (some lose recollection from
memory).<br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>